Dunu Tech

Menu
Capability Statement
Contact Us
Contact Us
Capability Statement
Menu

Risks to National Security (FOCI and CFIUS)

Managing risks to national security is essential for organizations to protect critical infrastructure, safeguard sensitive information, maintain public trust, comply with legal and regulatory requirements, and contribute to national and global security. We can help your organization manage risk concerns related to foreign ownership, control, or influence (FOCI) and the Committee on Foreign Investment in the United States (CFIUS) regulations. 
  • The Committee on Foreign Investment in the United States (CFIUS)
  • Foreign Ownership, Control, or Influence (FOCI)

The Committee on Foreign Investment in the United States (CFIUS)

a multi-agency group that scrutinizes foreign investment transactions via mandatory review to determine their impact on national security. 

With DunuTech, your organization can:

➤ Prepare for the CFIUS review process by identifying potential risks associated with foreign investments. 

➤ Deploy mitigation strategies and supply the required information to CFIUS. 

➤ Reduce identified risks, including crafting agreements between parties that address national security concerns. 

Foreign Ownership, Control, or Influence (FOCI)

refers to potential risks to national security that may arise when a foreign entity has a significant financial stake in a US company or when the company has foreign investors, directors, or officers. 

With DunuTech, organizations can: 

➤ Understand and address threats to national security.

➤ Develop and implement mitigation strategies.

➤ Craft FOCI mitigation plans including Affiliated Operations Plans (AOPs), Electronic Communications Plans (ECPs), Technology Control Plans (TCPs), and Security Control Agreements (SCAs). 

Affiliated Operations Plan (AOP): a strategy designed to prevent unauthorized access to sensitive data in businesses with FOCI.

➤ Develop and implement an AOP that complies with US government standards.

➤ Identify sensitive data requiring protection, and formulate segregation plans. 

➤ Establish protocols for physical and personnel security to ensure a robust defense against potential risks. 

Electronic Communications Plan (ECP): outlines the supervision and administration of electronic communications between a US company with FOCI and its foreign owners, officers, and employees. 

With DunuTech, your organization can:

➤ Develop and implement an ECP that complies with US government standards.

➤ Craft a comprehensive communication management plan that considers electronic tools, systems, and access control measures. 

➤ Ensure secure and compliant communication practices. 

Technology Control Plan (TCP): outlines the measures a US business with FOCI must take to manage access to sensitive technology, equipment, and technical information. 

With DunuTech, organizations can:

➤ Develop and implement a TCP that complies with US government standards. 

➤ Identify sensitive technology and data requiring protection, establish access control policies, and devise plans for physical security. 

➤ Prevent unauthorized individuals from using, transferring, or disclosing sensitive technology to external parties. 

Security Cooperation Agreement (SCA): a legally binding agreement between a US company with FOCI and the Defense Security Service (DSS), now known as the Defense Counterintelligence and Security Agency (DCSA), outlining the company’s specific security requirements. 

With DunuTech, your organization can:

➤ Navigate the SCA process and meet the distinct security requirements associated with FOCI. 

➤ Implement security safeguards to prevent unauthorized access, disclosure, or loss of classified information. 

➤ Enforce safeguards including access controls, employee security measures, and reporting requirements.